Skip to content

Commit

Permalink
Merge pull request #154 from ds-pweick/refactor/release-workflow
Browse files Browse the repository at this point in the history
Refactor/release workflow
  • Loading branch information
ds-pweick authored Jul 3, 2024
2 parents 6814df4 + 1d498d4 commit 8cf228f
Show file tree
Hide file tree
Showing 10 changed files with 209 additions and 77 deletions.
32 changes: 31 additions & 1 deletion .github/workflows/helm-chart-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,40 @@ name: Release Helm Charts
on:
workflow_dispatch: # Trigger manually
workflow_call:
inputs:
checkout-tag:
description: 'Whether to check out a tag'
required: false
type: boolean
default: false

ref-to-checkout:
description: 'Ref of branch/tag from which to execute workflow'
required: true
type: string
push:
branches:
- main
paths:
- 'charts/**'

jobs:
determine-ref:
runs-on: ubuntu-latest
outputs:
ref: ${{ steps.determine-ref.outputs.ref }}
steps:
- name: Determine ref to check out
id: determine-ref
run: |
if [[ "${{ inputs.checkout-tag }}" == "false" ]]; then
echo "ref=${{ github.ref }}" >> "$GITHUB_OUTPUT"
else
echo "ref=${{ inputs.ref-to-checkout }}" >> "$GITHUB_OUTPUT"
fi
get-helm-charts-versions-irs:
needs: determine-ref
outputs:
latest_version: ${{ steps.step1.outputs.latest_version }}
current_version: ${{ steps.step2.outputs.current_version }}
Expand All @@ -22,6 +48,8 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: 'true'
ref: ${{ needs.determine-ref.outputs.ref }}

- name: Get helm charts latest tag version
id: step1
Expand All @@ -37,7 +65,7 @@ jobs:
echo "Exported $chartVersion helm charts version"
release:
needs: "get-helm-charts-versions-irs"
needs: [get-helm-charts-versions-irs, determine-ref]
if: needs.get-helm-charts-versions-irs.outputs.latest_version != needs.get-helm-charts-versions-irs.outputs.current_version
# depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
# see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
Expand All @@ -49,6 +77,8 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: 'true'
ref: ${{ needs.determine-ref.outputs.ref }}

- name: Configure Git
run: |
Expand Down
39 changes: 37 additions & 2 deletions .github/workflows/irs-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,18 @@ name: IRS build
on:
workflow_dispatch: # Trigger manually
workflow_call:
inputs:
checkout-tag:
description: 'Whether to check out a tag'
required: false
type: boolean
default: false

ref-to-checkout:
description: 'Ref of branch/tag from which to execute workflow'
required: true
type: string

pull_request:
paths-ignore:
- '**/*.md'
Expand All @@ -20,6 +32,20 @@ on:
- '**'

jobs:
determine-ref:
runs-on: ubuntu-latest
outputs:
ref: ${{ steps.determine-ref.outputs.ref }}
steps:
- name: Determine ref to check out
id: determine-ref
run: |
if [[ "${{ inputs.checkout-tag }}" == "false" ]]; then
echo "ref=${{ github.ref }}" >> "$GITHUB_OUTPUT"
else
echo "ref=${{ inputs.ref-to-checkout }}" >> "$GITHUB_OUTPUT"
fi
init:
runs-on: ubuntu-latest
outputs:
Expand All @@ -35,9 +61,13 @@ jobs:
build:
runs-on: ubuntu-latest
needs: determine-ref
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-tags: 'true'
ref: ${{ needs.determine-ref.outputs.ref }}

- name: Set up JDK 17
uses: actions/setup-java@v4
Expand All @@ -57,7 +87,7 @@ jobs:
mvn clean verify --batch-mode
analyze_with_Sonar:
needs: [init]
needs: [init, determine-ref]
# No need to run if we cannot use the sonar token
if: >-
needs.init.outputs.sonar_configured == 'true'
Expand All @@ -68,6 +98,8 @@ jobs:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis
fetch-tags: 'true'
ref: ${{ needs.determine-ref.outputs.ref }}

- name: Set up JDK 17
uses: actions/setup-java@v4
Expand Down Expand Up @@ -100,7 +132,7 @@ jobs:
-Dcheckstyle.skip -Dpmd.skip=true
build_images:
needs: [init]
needs: [init, determine-ref]
strategy:
matrix:
image:
Expand All @@ -110,6 +142,9 @@ jobs:
image-tag: ${{ steps.version.outputs.image_tag }}
steps:
- uses: actions/checkout@v4
with:
fetch-tags: 'true'
ref: ${{ needs.determine-ref.outputs.ref }}

- name: Build image to make sure Dockerfile is valid
run: |
Expand Down
16 changes: 12 additions & 4 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -214,28 +214,36 @@ jobs:
needs:
- release
uses: ./.github/workflows/helm-chart-release.yaml
if: ${{ github.ref_name != 'main' }} # triggered automatically on main
with:
checkout-tag: true
ref-to-checkout: 'refs/tags/${{ inputs.irs-version }}'

build-irs:
name: "Build IRS"
needs:
- release
uses: ./.github/workflows/irs-build.yml
secrets: inherit
if: ${{ github.ref_name != 'main' }} # triggered automatically on main
with:
checkout-tag: true
ref-to-checkout: 'refs/tags/${{ inputs.irs-version }}'

trivy-image-scan:
name: "Scan image in local registry with Trivy"
needs:
- release
uses: ./.github/workflows/trivy-image-scan.yml
secrets: inherit
if: ${{ github.ref_name != 'main' }} # triggered automatically on main
with:
checkout-tag: true
ref-to-checkout: 'refs/tags/${{ inputs.irs-version }}'

validate-openapi-definition:
needs:
- release
name: "Validate OpenAPI definition"
uses: ./.github/workflows/swagger-editor-validate.yml
secrets: inherit
if: ${{ github.ref_name != 'main' }} # triggered automatically on main
with:
checkout-tag: true
ref-to-checkout: 'refs/tags/${{ inputs.irs-version }}'
33 changes: 32 additions & 1 deletion .github/workflows/swagger-editor-validate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,17 @@ name: "Validate OpenAPI definition"
on:
workflow_dispatch: # Trigger manually
workflow_call:
inputs:
checkout-tag:
description: 'Whether to check out a tag'
required: false
type: boolean
default: false

ref-to-checkout:
description: 'Ref of branch/tag from which to execute workflow'
required: true
type: string
pull_request:
push:
branches:
Expand All @@ -11,12 +22,32 @@ on:
- '**'

jobs:
determine-ref:
runs-on: ubuntu-latest
outputs:
ref: ${{ steps.determine-ref.outputs.ref }}
steps:
- name: Determine ref to check out
id: determine-ref
run: |
if [[ "${{ inputs.checkout-tag }}" == "false" ]]; then
echo "ref=${{ github.ref }}" >> "$GITHUB_OUTPUT"
else
echo "ref=${{ inputs.ref-to-checkout }}" >> "$GITHUB_OUTPUT"
fi
test_swagger_editor_validator_remote:
runs-on: ubuntu-latest
needs: determine-ref
name: Swagger Editor Validator Remote

steps:
- uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@v4
with:
fetch-tags: 'true'
ref: ${{ needs.determine-ref.outputs.ref }}

- name: Validate OpenAPI definition
uses: char0n/swagger-editor-validate@v1
with:
Expand Down
31 changes: 30 additions & 1 deletion .github/workflows/trivy-image-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,17 @@ name: "Trivy vulnerability scanner for image"
on:
workflow_dispatch: # Trigger manually
workflow_call:
inputs:
checkout-tag:
description: 'Whether to check out a tag'
required: false
type: boolean
default: false

ref-to-checkout:
description: 'Ref of branch/tag from which to execute workflow'
required: true
type: string
pull_request:
paths-ignore:
- '**/*.md'
Expand All @@ -23,8 +34,23 @@ on:
- cron: '0 0 * * *' # Once a day

jobs:
determine-ref:
runs-on: ubuntu-latest
outputs:
ref: ${{ steps.determine-ref.outputs.ref }}
steps:
- name: Determine ref to check out
id: determine-ref
run: |
if [[ "${{ inputs.checkout-tag }}" == "false" ]]; then
echo "ref=${{ github.ref }}" >> "$GITHUB_OUTPUT"
else
echo "ref=${{ inputs.ref-to-checkout }}" >> "$GITHUB_OUTPUT"
fi
analyze-irs-api:
runs-on: ubuntu-latest
needs: determine-ref
permissions:
actions: read
contents: read
Expand All @@ -36,8 +62,11 @@ jobs:
- 5000:5000

steps:
- name: Checkout repository
- name: Checkout
uses: actions/checkout@v4
with:
fetch-tags: 'true'
ref: ${{ needs.determine-ref.outputs.ref }}

- name: Build image
uses: docker/build-push-action@v6
Expand Down
16 changes: 1 addition & 15 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,6 @@ _**For better traceability add the corresponding GitHub issue number in each cha

## [Unreleased]

## [5.1.9] - 2024-06-27

### Added

- soemthing was added

### Changed

- and something else was changed

## [5.1.5] - 2024-06-27

### Fixed

- Fixed ESS Investigation job processing not starting #579
Expand Down Expand Up @@ -710,9 +698,7 @@ _**For better traceability add the corresponding GitHub issue number in each cha
- **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct endpoint information.


[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/5.1.9...HEAD
[5.1.9]: https://github.com/eclipse-tractusx/item-relationship-service/compare/5.1.5...5.1.9
[5.1.5]: https://github.com/eclipse-tractusx/item-relationship-service/compare/5.1.4...5.1.5
[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/5.1.4...HEAD
[5.1.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/5.1.3...5.1.4
[5.1.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/5.1.2...5.1.3
[5.1.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/5.1.1...5.1.2
Expand Down
Loading

0 comments on commit 8cf228f

Please sign in to comment.